US20190025777A1 - Method of Confirming Remote Programming of Device by Monitoring Station - Google Patents

Method of Confirming Remote Programming of Device by Monitoring Station Download PDF

Info

Publication number
US20190025777A1
US20190025777A1 US15/897,948 US201815897948A US2019025777A1 US 20190025777 A1 US20190025777 A1 US 20190025777A1 US 201815897948 A US201815897948 A US 201815897948A US 2019025777 A1 US2019025777 A1 US 2019025777A1
Authority
US
United States
Prior art keywords
programming data
control panel
panel
server system
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/897,948
Other versions
US10795328B2 (en
Inventor
Stephane Foisy
Derek Smith
Dwayne Richard Salsman
Trevor E. Green
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Johnson Controls Tyco IP Holdings LLP
Original Assignee
Tyco Safety Products Canada Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tyco Safety Products Canada Ltd filed Critical Tyco Safety Products Canada Ltd
Priority to US15/897,948 priority Critical patent/US10795328B2/en
Assigned to TYCO SAFETY PRODUCTS CANADA LTD. reassignment TYCO SAFETY PRODUCTS CANADA LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: FOISY, STEPHANE, GREEN, TREVOR E., SALSMAN, DWAYNE RICHARD, SMITH, DEREK
Publication of US20190025777A1 publication Critical patent/US20190025777A1/en
Application granted granted Critical
Publication of US10795328B2 publication Critical patent/US10795328B2/en
Assigned to Johnson Controls Tyco IP Holdings LLP reassignment Johnson Controls Tyco IP Holdings LLP ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TYCO SAFETY PRODUCTS CANADA LTD
Assigned to Johnson Controls Tyco IP Holdings LLP reassignment Johnson Controls Tyco IP Holdings LLP NUNC PRO TUNC ASSIGNMENT (SEE DOCUMENT FOR DETAILS). Assignors: TYCO SAFETY PRODUCTS CANADA LTD.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B15/00Systems controlled by a computer
    • G05B15/02Systems controlled by a computer electric
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B29/00Checking or monitoring of signalling or alarm systems; Prevention or correction of operating errors, e.g. preventing unauthorised operation
    • G08B29/12Checking intermittently signalling or alarm systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/26Pc applications
    • G05B2219/2642Domotique, domestic, home control, automation, smart house
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B17/00Fire alarms; Alarms responsive to explosion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Definitions

  • Building management systems such as building automation systems, fire alarm systems and intrusion systems are often installed within a premises such as commercial, residential, or governmental buildings. Examples of these buildings include offices, hospitals, warehouses, multi-unit dwellings, schools or universities, shopping malls, government offices, and casinos.
  • the building management systems generally include building control panels that function as system controllers for distributed sensors, actuators and hybrid sensor/actuator devices.
  • the fire alarm systems will typically include fire control panels, fire detection/initiation devices and alarm notification devices.
  • the fire detection/initiation devices and alarm notification devices are installed throughout the buildings and connect to the panels. These devices communicate over a local circuit such as a safety and security network, which in turn connects to the fire control panel.
  • Some examples of fire detection/initiation devices include smoke detectors, carbon monoxide detectors, flame detectors, temperature sensors, and/or pull stations (also known as manual call points).
  • Some examples of fire notification devices include speakers, horns, bells, chimes, light emitting diode (LED) reader boards, and/or flashing lights (e.g., strobes).
  • LED light emitting diode
  • the fire detection devices monitor the buildings for indicators of fire. Upon detection of an indicator of fire such as smoke or heat or flames, the device is activated and a signal is sent from the activated device over the safety and security network to the fire control panel. The fire control panel then initiates an alarm condition by activating audio and visible alarms of the fire notification devices. Additionally, the fire control panel will also send the indications of fire as alarm information to a monitoring station, which will notify the local fire department or fire brigade.
  • the security systems typically include security panels and monitoring devices, where the monitoring devices detect indications of intrusions and unauthorized access at or within the building and report to the security panel.
  • the monitoring devices of the intrusion systems often include motion sensor devices, surveillance camera devices, and door controllers that communicate with the intrusion panel over a safety and security network and might also control the door locking/unlocking.
  • Motion sensor devices can detect intrusions and unauthorized access to the premises, and send indications of the intrusions to the security panel.
  • the surveillance camera devices capture video data of monitored areas within the premises, and door controllers provide access to perimeter and/or internal doors, in examples. Additionally, the security panel will also send the indications of intrusions as intrusion information to a monitoring station.
  • Building automation systems will typically include one or more building automation control panels and sensors, actuators, and/or and hybrid sensor/actuator devices. These devices control and monitor the physical plant aspects of a building and aspects of business-specific electrical, computer, and mechanical systems. These devices send sensor data that includes information regarding the physical plant to the building automation control panels.
  • the physical plant typically includes heating, ventilation, and air conditioning (HVAC) systems, elevators/escalators, lighting and power systems, refrigeration and coolant systems, and air and/or water purification systems, in examples.
  • HVAC heating, ventilation, and air conditioning
  • Business-specific systems include computer systems, manufacturing systems that include various types of computer-aided machinery and test equipment, and inventory control and tracking systems, in examples.
  • the monitoring stations will typically monitor multiple building management systems for status information reported from the building control panels of these systems.
  • the monitoring stations process the status information and then notify the proper authorities.
  • Monitoring stations are often required by regulations, making them a standard component of many building management systems, regardless of age or manufacturer of the components of these systems.
  • These monitoring stations can be administered by a third party company, the same company that provides or manufactures the building management systems, or a public agency, among examples.
  • the information includes alarm information sent from fire control panels, intrusion information sent from security panels, sensor data sent from the building automation control panels, and operational information of the panels, in examples.
  • Operational information includes state information of the panels, handshaking signals between the panels and the monitoring stations, and connection data of a communications link between the panels and monitoring station, in examples.
  • the information includes customer site information such as the location (e.g. street address) at which the panels are installed, and other customer-specific information of a sensitive or confidential nature.
  • this information includes names and addresses of individuals and their telephone numbers, account numbers and personal identification numbers (PIN), alarm codes used to arm and disarm security panels, and possibly other sensitive information.
  • the information also includes information sent from the monitoring station to the building control panels, such as operational state of the monitoring station.
  • the installer After an installer physically installs or prepares to install the control panel at its customer site, the installer initializes the control panel so that the panel can load its programming data (if it exists) and will also typically directly program the customer site information into the panel. Once the control panel initializes, the control panel loads and executes its programming data to become operational.
  • the problem that arises does not concern that the panel that was actually installed. Presumably, it was probably configured and was operational at the end of the installer's job. Instead, the problem concerns those panels that were partially configured/programmed and then returned to the installer's truck, for example. These panels were possibly partially or fully programmed with information associated with their initial, but aborted, installation. For example, those panels may contain customer site information from the aborted installation. When those panels are inevitably installed at a subsequent site, probably for a different customer, they may still be programmed with operation or customer site information associated with the aborted installation. As a result, when those panels enter an alarm state, in the case of fire alarm system, for example, and contact the monitoring station, they may provide the wrong information such as customer, or address, or account number.
  • the proposed system can provide a lightweight system for validating the programming data of a control panel of a building management system.
  • Programming data encompasses such things as the firmware version that the panel is executing, alarm information, operational information, and/or customer site information.
  • the system is lightweight in that does not require reprogramming (e.g. replacement) of the programming data at the control panel every time the control panel is initialized/powered up. Instead, the programming data is validated, and only then will the monitoring station be able to respond to the information sent from the control panel, in one example.
  • the invention features a method for processing information from a control panel in a building management system.
  • the method comprises validating programming data of the control panel and then a monitoring station responding to the information from the control panel if its programming data was validated.
  • validating the programming data comprises the control panel sending a value representing the programming data and a server system matching the value to a stored value representing stored programming data for the same control panel.
  • control panel upon failing to validate the programming data of the control panel, stored programming data is sent to the control panel, and the control panel updates its programming data with the received programming data.
  • control panel calculates the value representing the programming data of the control panel in response to modification of and/or updates to its programming data.
  • a communicator connected to the control panel calculates the value.
  • the programming data of the control panel can be validated during initialization of the control panel, and wherein the initialization resumes after the programming data is validated.
  • the validation can also be accomplished periodically.
  • the invention features a system for processing information from a control panel in a building management system.
  • This system comprises a server system that validates programming data of the control panel and a monitoring station that responds to the information from the control panel once the server system has validated the programming data.
  • the invention features a method of operation of a control panel in a building management system. This method comprises during initialization or periodically validating programming data of the control panel and then resuming initialization or operation if the programming data was validated.
  • the invention features a control panel in a building management system. It comprises a microcontroller storing programming data of the panel and a communicator for communicating a fingerprint corresponding to the programming data to a server system.
  • FIG. 1 is a block diagram of a monitoring station that communicates with control panels of various building management systems, where the monitoring station also communicates with a server system that validates the programming data of the control panels;
  • FIG. 2A is a block diagram showing a panel programming database of the server system, where the database is used by the server system to validate the programming data of the control panels;
  • FIG. 2B is a block diagram showing an alternate implementation of the panel programming database
  • FIG. 3 is a flow diagram showing a method for processing information sent from a control panel upon initialization of the control panel, according to the present invention.
  • FIG. 4 is a flow diagram showing another method for processing information sent from a control panel, for an initialized and running control panel.
  • the term “and/or” includes any and all combinations of one or more of the associated listed items. Further, the singular forms and the articles “a”, “an” and “the” are intended to include the plural forms as well, unless expressly stated otherwise. It will be further understood that the terms: includes, comprises, including and/or comprising, when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Further, it will be understood that when an element, including component or subsystem, is referred to and/or shown as being connected or coupled to another element, it can be directly connected or coupled to the other element or intervening elements may be present.
  • FIG. 1 shows an exemplary scenario in which different building control panels of different building management systems 100 communicate with a monitoring station 108 .
  • a security panel 120 and two fire control panels 110 - 1 and 110 - 2 are shown as different examples of building control panels. Each of the panels communicate over a different communications link 114 with the monitoring station 108 .
  • the control panels 110 , 120 are also communication with a server system via a public network 23 , in the typical example.
  • the fire control panels 110 - 1 and 110 - 2 and security panel 120 are installed at different customer sites Site1, Site2, and Site3, respectively.
  • the server system 48 and monitoring station 108 also communicate with one another over the public network 23 .
  • the monitoring station 108 and server system 48 might be connected to a local or enterprise network, which in turn connects to the public network 23 .
  • the server system 48 includes a panel programming database 44 .
  • Each of the control panels include programming data 33 that defines the operational state (e.g. programming state) when the control panels load and execute the programming data 33 .
  • This programming data includes the machine instructions or firmware that the microcontrollers of the panel execute. It also includes more specific information including operational information and customer site information.
  • the programming data also includes operational information, which in this context can include specific information concerning and identifying the panels such as media access control address (MAC address), internet protocol (IP) addresses, subscriber identification module (SIM) card numbers and any Dialed Number Identification Service (DNIS) information.
  • MAC address media access control address
  • IP internet protocol
  • SIM subscriber identification module
  • DNIS Dialed Number Identification Service
  • fire control panel 110 - 2 communicates with the monitoring station 108 via a cellular data link 114 - 2 .
  • fire control panel 110 - 1 communicates with the monitoring station 108 via the public network 23 and an Ethernet link 114 - 1 .
  • security panel 120 connects to standalone communicator 37 S using a local phone “tie”/connection, and the standalone communicator 37 S, in turn, connects to the monitoring station via a Plain Old Telephone Services (POTS) link 114 - 3 .
  • POTS Plain Old Telephone Services
  • control panels 110 , 120 further each maintain a synchronization or fingerprint value 22 P within the control panels that is typically accessible by the microcontrollers that operate the panels.
  • the fingerprint 22 P represents the programming data 33 of its control panel, and therefore the programming state of the control panel.
  • the fingerprint values 22 P may not be maintained by the control panels, per se. Some legacy control panels, or control panels manufactured by competitors, might not be capable of maintaining a fingerprint value 22 P within the control panels. Instead, the standalone communicator 37 S is provided for such panels. The standalone communicator 37 S maintains the fingerprint value 22 P representing the programming data 33 P of the control panel to which the standalone communicator 37 S connects. The standalone communicator 37 S communicator might also support the ability to calculate the fingerprint 22 .
  • the communicator 37 is an add-on module that is added to a legacy panel or even a more modern, microcontroller-based panel.
  • This add-on module can augment the capabilities of the panels by supporting newer/emerging communications links such as 5G and Long Term Evolution (LTE), in examples.
  • 5G and Long Term Evolution (LTE) Long Term Evolution
  • fire control panel 110 - 1 includes built-in communicator 37 - 1 , includes programming data 33 P- 1 , and maintains fingerprint 22 P- 1 that represents the programming data 33 P- 1 .
  • Fire control panel 110 - 3 includes built-in communicator 37 - 2 , includes programming data 33 P- 2 , and maintains fingerprint 22 P- 2 that represents the programming data 33 P- 2 .
  • Security panel 120 includes programming data 33 P- 3 .
  • Standalone communicator 37 S maintains fingerprint 22 P- 3 that represents the programming data 33 P- 3 of the security panel.
  • the “P” suffix of the programming data 33 P and fingerprint 22 P indicate programming data within the control panel and a fingerprint value within/on behalf of the programming data of the control panel.
  • fire control panel 110 - 1 is shown connected to safety and security network 111 - 1 .
  • Fire detection/initiation devices 109 on the safety and security network 111 - 1 detect indications of fire, and send alarm information 119 as an example of information sent to fire control panel 110 - 1 .
  • Fire detection/initiation devices 109 such as smoke detector 109 - 1 and pull station 109 - 2 are shown.
  • the fire detection/initiation devices 109 Upon detecting the indications of fire, the fire detection/initiation devices 109 also signal alarm notification devices 106 such as strobe 106 - 1 .
  • security panel 120 is shown connected to safety and security network 111 - 2 .
  • Monitoring devices 105 on the safety and security network 111 - 2 detect intrusions, and send intrusion information 121 as an example of information sent to security panel 120 .
  • Monitoring devices 105 such as motion sensor 105 - 1 and surveillance camera 105 - 2 are shown.
  • the communications between the control panels, monitoring station 108 , and server system 48 /database 44 might also be encrypted or otherwise require security challenges. Such a capability prevents the misconfiguration/compromising of the building management systems.
  • the building management systems may also operate as a “local only system.” This can occur when the customer/building owner has deactivated the monitoring service (did not renew contract, change provider, etc.). In this way, the control panels will locally react to fire, burglary or other events and alert building occupants, but the information normally reported to the monitoring station will not be communicated to the monitoring station 108 to avoid false dispatch of first responders. The process of review and check-in by the control panel to the server system 48 continues to apply as the monitoring service may be reactivated in the future (new home owner, etc.).
  • the fingerprints 22 P are used to validate the state of the programming data that is stored in each of the panels 110 , 120 .
  • this validation is performed using the server system 48 .
  • the server system stores a fingerprint 22 S associated with each of the panels.
  • the server system 48 then compares that fingerprint 22 S to a fingerprint 22 P sent by or on behalf of the control panels.
  • these fingerprints 22 P are sent by the control panels directly to the server system 48 via the public network 23 . In other cases, the fingerprints 22 P are sent to the monitoring station 108 and then forwarded to the server system 48 .
  • the monitoring station 108 can respond to information, such as alarm information, sent by the control panels, when the programming data 33 of the control panels have been validated against fingerprints stored in the panel programming database 44 for each of the panels.
  • FIG. 2A shows an example implementation of the panel programming database 44 .
  • the database 44 has an entry 30 for each control panel. Exemplary fields within each entry include a panel ID, a stored fingerprint 22 S, a stored instance of programming data 33 S, and a description.
  • the stored instance of programming data 33 S and its fingerprint 22 S within the database 44 is the programming data 33 S of record for its associated control panel.
  • Entries 30 - 1 , 30 - 2 , and 30 - 3 correspond to fire control panel 110 - 1 , fire control panel 110 - 2 , and security panel 120 , respectively.
  • the “S” suffix of the programming data 33 S and fingerprint 22 S indicate stored instances of the programming data and fingerprint within the database 44 for the control panel.
  • the server system 48 recalculates the stored fingerprint 22 S whenever the stored programming data 33 S is modified or updated.
  • the stored fingerprint 22 S is a generated random number.
  • the stored fingerprint 22 S might additionally include the panel ID/serial number of the server system 44 .
  • programming data 33 S- 3 - 1 is the customer account number;
  • 33 S- 3 - 2 is a panel communication ID (e.g. 888-333-1111 for a POTS 114-3 link);
  • 33 S- 3 - 3 is a panel firmware version;
  • 33 S- 3 - 4 is a panel serial number (S/N);
  • 33 S- 3 - 5 is a panel street location;
  • 33 S- 3 - 6 are panel coordinates;
  • 33 S- 3 - 7 is a routine system maintenance value; and
  • 33 S- 3 - 7 is a monitoring station communication identifier (e.g. 888-333-3333 for a POTS 114-3 link).
  • control panel/communicator If the control panel/communicator is not able to access or otherwise contact the server system 48 (there could be many reasons for such a situation: database offline, power outage, or even illicitly compromising reasons) to validate the fingerprints, there is a timeout. Once the timeout expires, the control panels will use their local programming data 33 P and continue and send alarm signals and information to the monitoring station 108 . In some embodiments, extra information is provided to the monitoring station 108 to indicate the programming data 33 P was not validated and that proper steps should be taken by the monitoring station in its response. In one example, the monitoring station dispatches maintenance personnel in response to the alarm from a non-validated panel. In other cases, the monitoring station reinitiates the synchronize routine to a full security dispatch if the site is of higher security.
  • FIG. 2B shows another exemplary implementation of the panel programming database 44 . More detail for entry 30 - 3 for panel ID 120 (i.e. security panel 120 ) is shown.
  • FIG. 3 describes a method for validating programming data 33 P of an initialized control panel, and enabling the monitoring station 108 to respond to information from the control panel if its programming data 33 P was validated.
  • step 302 the control panel is powered up at a customer site/installation location. Every time a control panel powers up, it executes a set of initial operations.
  • step 308 the server system 48 determines whether the received fingerprint 22 P and the stored fingerprint 22 S match. If the fingerprints 22 P/ 22 S do not match, the method transitions to step 320 . Otherwise, the method transitions to step 310 .
  • the server system 48 sends a message to the monitoring station 108 .
  • the message enables the monitoring station 108 to act upon or otherwise respond to information sent from the control panel.
  • this message may be an alarm indicated that the fire alarm panel has detected indications of fire, in which case, the monitoring station will signal or call the local fire brigade.
  • step 320 the mismatch indicates that the programming data 33 P is not validated. This correspondingly indicates that the programming data 33 P at the control panel and the stored programming data 33 S at the server system 48 /database 44 for the same control panel are no longer synchronized. As a result of the mismatch, the server system 48 sends its stored programming data 33 S to the control panel, and requests that the control panel update its programming data 33 P.
  • the control panel updates with the received programming data 33 S sent from the server system 48 , and recalculates its fingerprint 22 P value representing the programming data.
  • the update is accomplished by deleting the local instance of programming data 33 P, replacing it with the received programming data 33 S, and resuming operation based upon the replaced/received programming data 33 P.
  • the control panel has a built-in communicator 37 that also supports the ability to calculate the fingerprint 22 P representing its programmed data 33 P.
  • the control panel is connected to a standalone communicator 37 S, and the standalone communicator 37 S recalculates the fingerprint value 22 P whenever the programming data 33 P of the control panel is modified or updated.
  • control panel in step 322 also handles the case where the programmed data 33 P has been modified by an installer or sent from a device other than the server system 48 .
  • the control panel recalculates the fingerprint value 22 P based upon any change to the programmed data 33 P.
  • the server system in step 320 sends the stored fingerprint value 22 S representing the stored programming data 33 S along with the stored programming data 33 S.
  • the control panel in step 322 then uses the received fingerprint value 22 thereafter to represent its programming data. This embodiment allows for simpler/faster validation as the control panel may not have the processing power necessary for the calculating the fingerprint value 22 P.
  • control panel then notifies the server system 48 that the update is complete.
  • control panel Upon completion of step 324 , in one implementation, the control panel also transitions to step 304 to repeat the validation process after the new programming data 33 P has been loaded and executed.
  • control panel will again send information identifying the panel and fingerprint value 22 P representing the programming data 33 P, in case the stored fingerprint value 22 S/stored programming data 22 S changed or otherwise could not be processed while the new programming data 33 P was storing and updating on the control panel.
  • FIG. 4 describes a method for validating programming data 33 P of an already running control panel, and enabling the monitoring station 108 to respond to information from the control panel if its programming data 33 P was validated.
  • step 402 the control panel is running and is able to receive data.
  • step 404 the control panel sends information identifying the panel, such as its serial number, and the fingerprint 22 P representing the programming data 33 P of its panel to the server system 48 .
  • information identifying the panel such as its serial number
  • the fingerprint 22 P representing the programming data 33 P of its panel
  • the server system receives the fingerprint 22 P representing the programming data 33 P for the control panel to validate the programming data 33 P. This validation confirms whether the control panel is properly configured for the current customer site/installed location, for example, and also possibly that the panel is executing the correct firmware version.
  • the server system 48 compares the received fingerprint 22 P to the stored fingerprint 22 S representing the stored programming data 33 S for the same control panel.
  • the stored fingerprint 22 S/stored programming data 33 S for the control panel are maintained in the database 44 .
  • step 410 If the fingerprints 22 P/ 22 S match, in step 410 , this indicates that the programming data 33 P is validated.
  • the control panel continues normal functionality in accordance with its programming data 33 P.
  • the fingerprint value 22 P representing the programming data 33 P is unchanged at the control panel (or standalone communicator 37 S connected to the control panel).
  • step 412 the server system 48 sends a message to the monitoring station 108 .
  • the message enables the monitoring station 108 to act upon or otherwise respond to information sent from the control panel.
  • the control panel updates with the received programming data 33 S sent from the server system 48 , and recalculates its fingerprint 22 P value representing the programming data.
  • the update is accomplished by deleting the local instance of programming data 33 P, replacing it with the received programming data 33 S, and resuming operation based upon the replaced/received programming data 33 P.
  • control panel has a built-in communicator 37 that also supports the ability to calculate the fingerprint 22 P representing its programmed data 33 P.
  • control panel is connected to a standalone communicator 37 S, and the standalone communicator 37 S recalculates the fingerprint value 22 P whenever the programming data 33 P of the control panel is modified or updated.
  • control panel in step 422 also handles the case where the programmed data 33 P has been modified by an installer or sent from a device other than the server system 48 .
  • the control panel recalculates the fingerprint value 22 P based upon any change to the programmed data 33 P.
  • the server system in step 420 sends the stored fingerprint value 22 S representing the stored programming data 33 S along with the stored programming data 33 S.
  • the control panel in step 422 then uses the received fingerprint value 22 thereafter to represent its programming data. This embodiment allows for simpler/faster validation as the control panel may not have the processing power necessary for the calculating the fingerprint value 22 P.
  • step 424 the control panel then notifies the server system 48 that the update is complete. Upon completion of step 424 , the method transitions to step 412 .
  • the method safeguards against local misconfiguration of an already running control panel by an installer, building owner, or other individual with malicious intent, in examples.

Abstract

A method and system for processing information from a control panel in a building management system validates programming data of the control panel and then a monitoring station responding to the information from the control panel if its programming data was validated. A server system can be used for this validation. The proposed system can provide a lightweight system for validation to avoid problems arising from incorrectly configured panels sending false alarms to monitoring stations.

Description

    RELATED APPLICATIONS
  • This application claims the benefit under 35 USC 119(e) of U.S. Provisional Application No. 62/536,166 filed on Jul. 24, 2017, which is incorporated herein by reference in its entirety.
    • BACKGROUND OF THE INVENTION
  • Building management systems such as building automation systems, fire alarm systems and intrusion systems are often installed within a premises such as commercial, residential, or governmental buildings. Examples of these buildings include offices, hospitals, warehouses, multi-unit dwellings, schools or universities, shopping malls, government offices, and casinos. The building management systems generally include building control panels that function as system controllers for distributed sensors, actuators and hybrid sensor/actuator devices.
  • For example, the fire alarm systems will typically include fire control panels, fire detection/initiation devices and alarm notification devices. The fire detection/initiation devices and alarm notification devices are installed throughout the buildings and connect to the panels. These devices communicate over a local circuit such as a safety and security network, which in turn connects to the fire control panel. Some examples of fire detection/initiation devices include smoke detectors, carbon monoxide detectors, flame detectors, temperature sensors, and/or pull stations (also known as manual call points). Some examples of fire notification devices include speakers, horns, bells, chimes, light emitting diode (LED) reader boards, and/or flashing lights (e.g., strobes).
  • The fire detection devices monitor the buildings for indicators of fire. Upon detection of an indicator of fire such as smoke or heat or flames, the device is activated and a signal is sent from the activated device over the safety and security network to the fire control panel. The fire control panel then initiates an alarm condition by activating audio and visible alarms of the fire notification devices. Additionally, the fire control panel will also send the indications of fire as alarm information to a monitoring station, which will notify the local fire department or fire brigade.
  • In a similar vein, the security systems typically include security panels and monitoring devices, where the monitoring devices detect indications of intrusions and unauthorized access at or within the building and report to the security panel. The monitoring devices of the intrusion systems often include motion sensor devices, surveillance camera devices, and door controllers that communicate with the intrusion panel over a safety and security network and might also control the door locking/unlocking. Motion sensor devices can detect intrusions and unauthorized access to the premises, and send indications of the intrusions to the security panel. The surveillance camera devices capture video data of monitored areas within the premises, and door controllers provide access to perimeter and/or internal doors, in examples. Additionally, the security panel will also send the indications of intrusions as intrusion information to a monitoring station.
  • Building automation systems will typically include one or more building automation control panels and sensors, actuators, and/or and hybrid sensor/actuator devices. These devices control and monitor the physical plant aspects of a building and aspects of business-specific electrical, computer, and mechanical systems. These devices send sensor data that includes information regarding the physical plant to the building automation control panels. The physical plant typically includes heating, ventilation, and air conditioning (HVAC) systems, elevators/escalators, lighting and power systems, refrigeration and coolant systems, and air and/or water purification systems, in examples. Business-specific systems include computer systems, manufacturing systems that include various types of computer-aided machinery and test equipment, and inventory control and tracking systems, in examples.
  • The monitoring stations will typically monitor multiple building management systems for status information reported from the building control panels of these systems. The monitoring stations process the status information and then notify the proper authorities. Monitoring stations are often required by regulations, making them a standard component of many building management systems, regardless of age or manufacturer of the components of these systems. These monitoring stations can be administered by a third party company, the same company that provides or manufactures the building management systems, or a public agency, among examples.
  • Many different types of information are sent between the building control panels and the monitoring station. The information includes alarm information sent from fire control panels, intrusion information sent from security panels, sensor data sent from the building automation control panels, and operational information of the panels, in examples. Operational information includes state information of the panels, handshaking signals between the panels and the monitoring stations, and connection data of a communications link between the panels and monitoring station, in examples. In addition, the information includes customer site information such as the location (e.g. street address) at which the panels are installed, and other customer-specific information of a sensitive or confidential nature. In examples, this information includes names and addresses of individuals and their telephone numbers, account numbers and personal identification numbers (PIN), alarm codes used to arm and disarm security panels, and possibly other sensitive information. The information also includes information sent from the monitoring station to the building control panels, such as operational state of the monitoring station.
    • SUMMARY OF THE INVENTION
  • After an installer physically installs or prepares to install the control panel at its customer site, the installer initializes the control panel so that the panel can load its programming data (if it exists) and will also typically directly program the customer site information into the panel. Once the control panel initializes, the control panel loads and executes its programming data to become operational.
  • It is not uncommon for this installation process to be interrupted at some stage. The installer may encounter problems installing the specific panel. Possibly there is some issue with its firmware. On the other hand, the installer could simply have initially chosen the wrong make/model panel for the installation. As a result, the installer must now uninstall the wrong panel and install the correct panel model. And, there are numerous other scenarios under which a panel might be partially installed and configured and then returned to the installer's truck and/or warehouse.
  • The problem that arises does not concern that the panel that was actually installed. Presumably, it was probably configured and was operational at the end of the installer's job. Instead, the problem concerns those panels that were partially configured/programmed and then returned to the installer's truck, for example. These panels were possibly partially or fully programmed with information associated with their initial, but aborted, installation. For example, those panels may contain customer site information from the aborted installation. When those panels are inevitably installed at a subsequent site, probably for a different customer, they may still be programmed with operation or customer site information associated with the aborted installation. As a result, when those panels enter an alarm state, in the case of fire alarm system, for example, and contact the monitoring station, they may provide the wrong information such as customer, or address, or account number.
  • In this situation, the programming state of the control panel has become out of synchronization with the programming state of record for the panel at that site. And, there are still other scenarios where a given panel may acquire invalid or incorrect programming data.
  • The proposed system can provide a lightweight system for validating the programming data of a control panel of a building management system. Programming data encompasses such things as the firmware version that the panel is executing, alarm information, operational information, and/or customer site information. The system is lightweight in that does not require reprogramming (e.g. replacement) of the programming data at the control panel every time the control panel is initialized/powered up. Instead, the programming data is validated, and only then will the monitoring station be able to respond to the information sent from the control panel, in one example.
  • In general, according to one aspect, the invention features a method for processing information from a control panel in a building management system. The method comprises validating programming data of the control panel and then a monitoring station responding to the information from the control panel if its programming data was validated.
  • In embodiments, validating the programming data comprises the control panel sending a value representing the programming data and a server system matching the value to a stored value representing stored programming data for the same control panel.
  • Preferably, upon failing to validate the programming data of the control panel, stored programming data is sent to the control panel, and the control panel updates its programming data with the received programming data.
  • In some cases, the control panel calculates the value representing the programming data of the control panel in response to modification of and/or updates to its programming data.
  • In other cases, a communicator connected to the control panel calculates the value.
  • The programming data of the control panel can be validated during initialization of the control panel, and wherein the initialization resumes after the programming data is validated. The validation can also be accomplished periodically.
  • In general, according to another aspect, the invention features a system for processing information from a control panel in a building management system. This system comprises a server system that validates programming data of the control panel and a monitoring station that responds to the information from the control panel once the server system has validated the programming data.
  • In general, according to another aspect, the invention features a method of operation of a control panel in a building management system. This method comprises during initialization or periodically validating programming data of the control panel and then resuming initialization or operation if the programming data was validated.
  • In general, according to still another aspect, the invention features a control panel in a building management system. It comprises a microcontroller storing programming data of the panel and a communicator for communicating a fingerprint corresponding to the programming data to a server system.
  • The above and other features of the invention including various novel details of construction and combinations of parts, and other advantages, will now be more particularly described with reference to the accompanying drawings and pointed out in the claims. It will be understood that the particular method and device embodying the invention are shown by way of illustration and not as a limitation of the invention. The principles and features of this invention may be employed in various and numerous embodiments without departing from the scope of the invention.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • In the accompanying drawings, reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale; emphasis has instead been placed upon illustrating the principles of the invention. Of the drawings:
  • FIG. 1 is a block diagram of a monitoring station that communicates with control panels of various building management systems, where the monitoring station also communicates with a server system that validates the programming data of the control panels;
  • FIG. 2A is a block diagram showing a panel programming database of the server system, where the database is used by the server system to validate the programming data of the control panels;
  • FIG. 2B is a block diagram showing an alternate implementation of the panel programming database;
  • FIG. 3 is a flow diagram showing a method for processing information sent from a control panel upon initialization of the control panel, according to the present invention; and
  • FIG. 4 is a flow diagram showing another method for processing information sent from a control panel, for an initialized and running control panel.
    •  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The invention now will be described more fully hereinafter with reference to the accompanying drawings, in which illustrative embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
  • As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Further, the singular forms and the articles “a”, “an” and “the” are intended to include the plural forms as well, unless expressly stated otherwise. It will be further understood that the terms: includes, comprises, including and/or comprising, when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Further, it will be understood that when an element, including component or subsystem, is referred to and/or shown as being connected or coupled to another element, it can be directly connected or coupled to the other element or intervening elements may be present.
  • Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
  • FIG. 1 shows an exemplary scenario in which different building control panels of different building management systems 100 communicate with a monitoring station 108.
  • In the illustrated example, a security panel 120, and two fire control panels 110-1 and 110-2 are shown as different examples of building control panels. Each of the panels communicate over a different communications link 114 with the monitoring station 108. The control panels 110, 120 are also communication with a server system via a public network 23, in the typical example. The fire control panels 110-1 and 110-2 and security panel 120 are installed at different customer sites Site1, Site2, and Site3, respectively.
  • The server system 48 and monitoring station 108 also communicate with one another over the public network 23. In another example, the monitoring station 108 and server system 48 might be connected to a local or enterprise network, which in turn connects to the public network 23. The server system 48 includes a panel programming database 44.
  • Each of the control panels include programming data 33 that defines the operational state (e.g. programming state) when the control panels load and execute the programming data 33. This programming data includes the machine instructions or firmware that the microcontrollers of the panel execute. It also includes more specific information including operational information and customer site information.
  • In general, the programming data 33 includes information that uniquely identifies each control panel and enables the control panels to communicate with the monitoring station 108. This information typically includes a serial number of the panel, information that identifies the customer name and location/address at which the panel is installed, and communication identifiers for the control panel and the monitoring station. When the communications link is a POTS link 114-3, for example, the communication identifier for the control panel is the telephone number of a local telephone system to which the control panel is tied, and the identifier for the monitoring station 108 is a telephone number of the monitoring station.
  • The programming data also includes operational information, which in this context can include specific information concerning and identifying the panels such as media access control address (MAC address), internet protocol (IP) addresses, subscriber identification module (SIM) card numbers and any Dialed Number Identification Service (DNIS) information.
  • In addition, the programming data also includes customer site information, which includes information such as the location (e.g. street address) at which the panels are installed, and other customer-specific information of a sensitive or confidential nature such as names and addresses of individuals and their telephone numbers, account numbers and personal identification numbers (PIN), alarm codes used to arm and disarm security panels, and possibly other sensitive information.
  • In the illustrated example, the panels utilize communicators 37 to maintain the communications with the monitoring station 108. These communicators 37 can be integrated within the control panels or be standalone components. The standalone communicators 37S connect to the panels and function as an interface between the panels and the particular communications link that connects those panels to the monitoring station 108.
  • Different communication links are shown. For example, fire control panel 110-2 communicates with the monitoring station 108 via a cellular data link 114-2. On the other hand, fire control panel 110-1 communicates with the monitoring station 108 via the public network 23 and an Ethernet link 114-1. Finally, security panel 120 connects to standalone communicator 37S using a local phone “tie”/connection, and the standalone communicator 37S, in turn, connects to the monitoring station via a Plain Old Telephone Services (POTS) link 114-3.
  • In this way, information can be transmitted between the panels 110, 120 and the monitoring station 108. This information typically encompasses alarm information sent from fire control panels, intrusion information sent from security panels, sensor data sent from the building automation control panels, and operational information of the panels, in examples. Operational information includes state information of the panels, handshaking signals between the panels and the monitoring stations, and connection data of a communications link between the panels and monitoring station, in examples. In addition, the information includes customer site information.
  • According to the invention, in one implementation, the control panels 110, 120 further each maintain a synchronization or fingerprint value 22P within the control panels that is typically accessible by the microcontrollers that operate the panels. The fingerprint 22P represents the programming data 33 of its control panel, and therefore the programming state of the control panel.
  • In some implementations, however, the fingerprint values 22P may not be maintained by the control panels, per se. Some legacy control panels, or control panels manufactured by competitors, might not be capable of maintaining a fingerprint value 22P within the control panels. Instead, the standalone communicator 37S is provided for such panels. The standalone communicator 37S maintains the fingerprint value 22P representing the programming data 33P of the control panel to which the standalone communicator 37S connects. The standalone communicator 37S communicator might also support the ability to calculate the fingerprint 22.
  • In yet another example, the communicator 37 is an add-on module that is added to a legacy panel or even a more modern, microcontroller-based panel. This add-on module can augment the capabilities of the panels by supporting newer/emerging communications links such as 5G and Long Term Evolution (LTE), in examples.
  • Also, in more detail, fire control panel 110-1 includes built-in communicator 37-1, includes programming data 33P-1, and maintains fingerprint 22P-1 that represents the programming data 33P-1. Fire control panel 110-3 includes built-in communicator 37-2, includes programming data 33P-2, and maintains fingerprint 22P-2 that represents the programming data 33P-2. Security panel 120 includes programming data 33P-3. Standalone communicator 37S maintains fingerprint 22P-3 that represents the programming data 33P-3 of the security panel. Here, the “P” suffix of the programming data 33P and fingerprint 22P indicate programming data within the control panel and a fingerprint value within/on behalf of the programming data of the control panel.
  • To illustrate specific implementation details, fire control panel 110-1, for example, is shown connected to safety and security network 111-1. Fire detection/initiation devices 109 on the safety and security network 111-1 detect indications of fire, and send alarm information 119 as an example of information sent to fire control panel 110-1. Fire detection/initiation devices 109 such as smoke detector 109-1 and pull station 109-2 are shown. Upon detecting the indications of fire, the fire detection/initiation devices 109 also signal alarm notification devices 106 such as strobe 106-1.
  • To illustrate further implementation details, security panel 120 is shown connected to safety and security network 111-2. Monitoring devices 105 on the safety and security network 111-2 detect intrusions, and send intrusion information 121 as an example of information sent to security panel 120. Monitoring devices 105 such as motion sensor 105-1 and surveillance camera 105-2 are shown.
  • The communications between the control panels, monitoring station 108, and server system 48/database 44 might also be encrypted or otherwise require security challenges. Such a capability prevents the misconfiguration/compromising of the building management systems.
  • The building management systems may also operate as a “local only system.” This can occur when the customer/building owner has deactivated the monitoring service (did not renew contract, change provider, etc.). In this way, the control panels will locally react to fire, burglary or other events and alert building occupants, but the information normally reported to the monitoring station will not be communicated to the monitoring station 108 to avoid false dispatch of first responders. The process of review and check-in by the control panel to the server system 48 continues to apply as the monitoring service may be reactivated in the future (new home owner, etc.).
  • In any event, of particular relevance here, the fingerprints 22P are used to validate the state of the programming data that is stored in each of the panels 110, 120. In the illustrated embodiment, this validation is performed using the server system 48. The server system stores a fingerprint 22S associated with each of the panels. The server system 48 then compares that fingerprint 22S to a fingerprint 22P sent by or on behalf of the control panels.
  • In some examples, these fingerprints 22P are sent by the control panels directly to the server system 48 via the public network 23. In other cases, the fingerprints 22P are sent to the monitoring station 108 and then forwarded to the server system 48.
  • These transmitted fingerprints are used to validate the programming data 33 of the control panels. The monitoring station 108 can respond to information, such as alarm information, sent by the control panels, when the programming data 33 of the control panels have been validated against fingerprints stored in the panel programming database 44 for each of the panels.
  • FIG. 2A shows an example implementation of the panel programming database 44.
  • The database 44 has an entry 30 for each control panel. Exemplary fields within each entry include a panel ID, a stored fingerprint 22S, a stored instance of programming data 33S, and a description. The stored instance of programming data 33S and its fingerprint 22S within the database 44 is the programming data 33S of record for its associated control panel.
  • Entries 30-1, 30-2, and 30-3 correspond to fire control panel 110-1, fire control panel 110-2, and security panel 120, respectively. Here, the “S” suffix of the programming data 33S and fingerprint 22S indicate stored instances of the programming data and fingerprint within the database 44 for the control panel.
  • The fingerprint 22 can take many different forms. In one example, the fingerprint 22 is a generated random number. The fingerprint 22 might additionally include the panel ID/serial number of the control panel, and routine system maintenance information, in examples. The fingerprint 22 also contain or encompass other values such as firmware version, status or RSM (routine system maintenance) and the server system 48 may be able to request status/firmware, RSM updates as well as other functions.
  • The server system 48 recalculates the stored fingerprint 22S whenever the stored programming data 33S is modified or updated. In one example, the stored fingerprint 22S is a generated random number. The stored fingerprint 22S might additionally include the panel ID/serial number of the server system 44.
  • More detail for stored programming data 33S-3 of security panel 120 is also shown. For example, programming data 33S-3-1 is the customer account number; 33S-3-2 is a panel communication ID (e.g. 888-333-1111 for a POTS 114-3 link); 33S-3-3 is a panel firmware version; 33S-3-4 is a panel serial number (S/N); 33S-3-5 is a panel street location; 33S-3-6 are panel coordinates; 33S-3-7 is a routine system maintenance value; and 33S-3-7 is a monitoring station communication identifier (e.g. 888-333-3333 for a POTS 114-3 link).
  • If the control panel/communicator is not able to access or otherwise contact the server system 48 (there could be many reasons for such a situation: database offline, power outage, or even illicitly compromising reasons) to validate the fingerprints, there is a timeout. Once the timeout expires, the control panels will use their local programming data 33P and continue and send alarm signals and information to the monitoring station 108. In some embodiments, extra information is provided to the monitoring station 108 to indicate the programming data 33P was not validated and that proper steps should be taken by the monitoring station in its response. In one example, the monitoring station dispatches maintenance personnel in response to the alarm from a non-validated panel. In other cases, the monitoring station reinitiates the synchronize routine to a full security dispatch if the site is of higher security.
  • FIG. 2B shows another exemplary implementation of the panel programming database 44. More detail for entry 30-3 for panel ID 120 (i.e. security panel 120) is shown.
  • Here, the database 44 supports different levels or tiers of fingerprints 22S-3. At a high level, as in FIG. 2A, fingerprint 22S-3 operates as a global synchronization value for tracking any changes to the stored programming data 33S-3. In addition, fingerprints 22S-3-1 and 22S-3-4 represent individual fields/data items 33S-3-1 and 33S-3-5 within the stored programming data 33S-3. Such a feature enables finer control over detecting and tracing changes within the programming data 33S-3, and also limits the amount of data traffic between control panel and monitoring station. It is important to note that to properly synchronize the programming data 33P of the control panel with the stored programming data 33S, the same ability to provide per-item fingerprints 22P at the control panel or on behalf of the control panel would also have to be implemented.
  • FIG. 3 describes a method for validating programming data 33P of an initialized control panel, and enabling the monitoring station 108 to respond to information from the control panel if its programming data 33P was validated.
  • In step 302, the control panel is powered up at a customer site/installation location. Every time a control panel powers up, it executes a set of initial operations.
  • According to step 304, one of the initial operations upon initialization of the control panel is to send (or signal its standalone communicator 37S to send) information identifying the panel, such as its serial number, and the fingerprint 22P representing the programming data 33P of its panel to the server system 48, via the public network, for example.
  • In step 306, the server system receives the fingerprint 22P representing the programming data 33P for the control panel to validate the programming data 33P. This validation confirms whether the control panel is properly configured for the current customer site/installed location. The server system 48 compares the received fingerprint 22P to the stored fingerprint 22S representing the stored programming data 33S for the same control panel. The stored fingerprint 22S/stored programming data 33S for the control panel are maintained in the database 44.
  • According to step 308, the server system 48 determines whether the received fingerprint 22P and the stored fingerprint 22S match. If the fingerprints 22P/22S do not match, the method transitions to step 320. Otherwise, the method transitions to step 310.
  • If the fingerprints 22P/22S match, in step 310, this indicates that the programming data 33P is validated. In response, in step 312, the server system sends a “go ahead” message instructing the control panel to resume its initialization. The control panel receives the “go ahead” message, resumes its initialization, and continues normal functionality in accordance with its programming data 33P. The fingerprint value 22P representing the programming data 33P is unchanged at the control panel (or standalone communicator 37S connected to the control panel).
  • Then, in step 314, the server system 48 sends a message to the monitoring station 108. The message enables the monitoring station 108 to act upon or otherwise respond to information sent from the control panel. In one example, this message may be an alarm indicated that the fire alarm panel has detected indications of fire, in which case, the monitoring station will signal or call the local fire brigade.
  • If the fingerprints 22P/22S do not match, in step 320, the mismatch indicates that the programming data 33P is not validated. This correspondingly indicates that the programming data 33P at the control panel and the stored programming data 33S at the server system 48/database 44 for the same control panel are no longer synchronized. As a result of the mismatch, the server system 48 sends its stored programming data 33S to the control panel, and requests that the control panel update its programming data 33P.
  • In one embodiment, as shown in step 322, the control panel updates with the received programming data 33S sent from the server system 48, and recalculates its fingerprint 22P value representing the programming data. In one example, the update is accomplished by deleting the local instance of programming data 33P, replacing it with the received programming data 33S, and resuming operation based upon the replaced/received programming data 33P. In this embodiment, in one example, the control panel has a built-in communicator 37 that also supports the ability to calculate the fingerprint 22P representing its programmed data 33P. In another example, the control panel is connected to a standalone communicator 37S, and the standalone communicator 37S recalculates the fingerprint value 22P whenever the programming data 33P of the control panel is modified or updated.
  • It is also important to note that the control panel in step 322 also handles the case where the programmed data 33P has been modified by an installer or sent from a device other than the server system 48. The control panel recalculates the fingerprint value 22P based upon any change to the programmed data 33P.
  • In another embodiment, the server system in step 320 sends the stored fingerprint value 22S representing the stored programming data 33S along with the stored programming data 33S. The control panel in step 322 then uses the received fingerprint value 22 thereafter to represent its programming data. This embodiment allows for simpler/faster validation as the control panel may not have the processing power necessary for the calculating the fingerprint value 22P.
  • According to step 324, the control panel then notifies the server system 48 that the update is complete.
  • Upon completion of step 324, in one implementation, the control panel also transitions to step 304 to repeat the validation process after the new programming data 33P has been loaded and executed. Here, the control panel will again send information identifying the panel and fingerprint value 22P representing the programming data 33P, in case the stored fingerprint value 22S/stored programming data 22S changed or otherwise could not be processed while the new programming data 33P was storing and updating on the control panel.
  • FIG. 4 describes a method for validating programming data 33P of an already running control panel, and enabling the monitoring station 108 to respond to information from the control panel if its programming data 33P was validated.
  • In step 402, the control panel is running and is able to receive data.
  • According to step 403, the server system 48 periodically sends a synchronization request to the running control panel. The request specifies that the control panel send the fingerprint representing its programming data to the server system 48 for validation. In one example, this safeguards against changes to the programming data 33P in response to a new activation of the control panel initiated by the server system 48. For example, the server system might send an activation initiation request when a new building owner moves in and requests the monitoring service provided by the monitoring station 108 to be activated, where the previous owner deactivated the service. In another example, this safeguards against a deactivation request, when the building owner is moving or no longer wants the service.
  • In step 404, the control panel sends information identifying the panel, such as its serial number, and the fingerprint 22P representing the programming data 33P of its panel to the server system 48. This is substantially similar to step 304 in the method of FIG. 3.
  • In step 406, the server system receives the fingerprint 22P representing the programming data 33P for the control panel to validate the programming data 33P. This validation confirms whether the control panel is properly configured for the current customer site/installed location, for example, and also possibly that the panel is executing the correct firmware version. The server system 48 compares the received fingerprint 22P to the stored fingerprint 22S representing the stored programming data 33S for the same control panel. The stored fingerprint 22S/stored programming data 33S for the control panel are maintained in the database 44.
  • According to step 408, the server system 48 determines whether the received fingerprint 22P and the stored fingerprint 22S match. If the fingerprints 22P/22S do not match, the method transitions to step 420. Otherwise, the method transitions to step 410.
  • If the fingerprints 22P/22S match, in step 410, this indicates that the programming data 33P is validated. The control panel continues normal functionality in accordance with its programming data 33P. The fingerprint value 22P representing the programming data 33P is unchanged at the control panel (or standalone communicator 37S connected to the control panel).
  • Then, in step 412, the server system 48 sends a message to the monitoring station 108. The message enables the monitoring station 108 to act upon or otherwise respond to information sent from the control panel.
  • If the fingerprints 22P/22S do not match, in step 420, the mismatch indicates that the programming data 33P is not validated. This correspondingly indicates that the programming data 33P at the control panel and the stored programming data 33S at the server system 48/database 44 for the same control panel are no longer synchronized. As a result of the mismatch, the server system 48 sends its stored programming data 33S to the control panel, and requests that the control panel update its programming data 33P.
  • In one embodiment, as shown in step 422, the control panel updates with the received programming data 33S sent from the server system 48, and recalculates its fingerprint 22P value representing the programming data. The update is accomplished by deleting the local instance of programming data 33P, replacing it with the received programming data 33S, and resuming operation based upon the replaced/received programming data 33P.
  • In one example, the control panel has a built-in communicator 37 that also supports the ability to calculate the fingerprint 22P representing its programmed data 33P. In another example, the control panel is connected to a standalone communicator 37S, and the standalone communicator 37S recalculates the fingerprint value 22P whenever the programming data 33P of the control panel is modified or updated.
  • It is also important to note that the control panel in step 422 also handles the case where the programmed data 33P has been modified by an installer or sent from a device other than the server system 48. The control panel recalculates the fingerprint value 22P based upon any change to the programmed data 33P.
  • In another embodiment, the server system in step 420 sends the stored fingerprint value 22S representing the stored programming data 33S along with the stored programming data 33S. The control panel in step 422 then uses the received fingerprint value 22 thereafter to represent its programming data. This embodiment allows for simpler/faster validation as the control panel may not have the processing power necessary for the calculating the fingerprint value 22P.
  • According to step 424, the control panel then notifies the server system 48 that the update is complete. Upon completion of step 424, the method transitions to step 412.
  • In one example, the method safeguards against local misconfiguration of an already running control panel by an installer, building owner, or other individual with malicious intent, in examples.
  • While this invention has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims (17)

What is claimed is:
1. A method for processing information from a control panel in a building management system, the method comprising:
validating programming data of the control panel; and
enabling a monitoring station to respond to the information from the control panel if its programming data was validated.
2. The method of claim 1, wherein validating programming data of the control panel comprises:
the control panel sending a value representing the programming data; and
a server system matching the value to a stored value representing stored programming data for the same control panel.
3. The method of claim 1, wherein upon failing to validate the programming data of the control panel, sending stored programming data to the control panel, and the control panel updating its programming data with the received programming data.
4. The method of claim 1, further comprising the control panel calculating a value representing the programming data of the control panel in response to modification of and/or updates to its programming data.
5. The method of claim 1, further comprising a communicator connected to the control panel calculating a value representing the programming data of the control panel in response to modification of and/or updates to the programming data.
6. The method of claim 1, wherein validating programming data of the control panel is accomplished during initialization of the control panel, and wherein the initialization resumes after the programming data is validated.
7. The method of claim 1, wherein validating programming data of the control panel is accomplished periodically.
8. A system for processing information from a control panel in a building management system, the system comprising:
a server system that validates programming data of the control panel; and
a monitoring station that responds to the information from the control panel once the server system has validated the programming data.
9. The system of claim 8, wherein the control panel sends a value representing the programming data and the server system matches the value to a stored value representing stored programming data for the same control panel.
10. The system of claim 8, wherein the server system upon failing to validate the programming data of the control panel, sends stored programming data to the control panel, and the control panel updates its programming data with the received programming data.
11. The system of claim 8, wherein the control panel calculates a value representing the programming data of the control panel in response to modification of and/or updates to its programming data.
12. The system of claim 8, further comprising a communicator connected to the control panel that calculates a value representing the programming data of the control panel in response to modification of and/or updates to the programming data.
13. The system of claim 8, wherein the panel validates programming data during initialization resumes initialization after the programming data is validated.
14. The system of claim 8, wherein the panel periodically validates programming data.
15. A method of operation of a control panel in a building management system, the method comprising:
during initialization or periodically validating programming data of the control panel; and
then resuming initialization or operation if the programming data was validated.
16. The method of claim 15, wherein the programming data is validated by sending a fingerprint corresponding to the programming data to a server system.
17. A control panel in a building management system, comprising:
a microcontroller storing programming data of the panel; and
a communicator for communicating a fingerprint corresponding to the programming data to a server system.
US15/897,948 2017-07-24 2018-02-15 Method of confirming remote programming of device by monitoring station Active 2038-11-25 US10795328B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/897,948 US10795328B2 (en) 2017-07-24 2018-02-15 Method of confirming remote programming of device by monitoring station

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762536166P 2017-07-24 2017-07-24
US15/897,948 US10795328B2 (en) 2017-07-24 2018-02-15 Method of confirming remote programming of device by monitoring station

Publications (2)

Publication Number Publication Date
US20190025777A1 true US20190025777A1 (en) 2019-01-24
US10795328B2 US10795328B2 (en) 2020-10-06

Family

ID=65018945

Family Applications (3)

Application Number Title Priority Date Filing Date
US15/897,936 Active 2039-02-24 US10747185B2 (en) 2017-07-24 2018-02-15 System and method for performing encryption between alarm panel and monitoring station
US15/897,948 Active 2038-11-25 US10795328B2 (en) 2017-07-24 2018-02-15 Method of confirming remote programming of device by monitoring station
US15/909,625 Active US10386803B2 (en) 2017-07-24 2018-03-01 Account number substitution for dial capture and IP based communicators

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US15/897,936 Active 2039-02-24 US10747185B2 (en) 2017-07-24 2018-02-15 System and method for performing encryption between alarm panel and monitoring station

Family Applications After (1)

Application Number Title Priority Date Filing Date
US15/909,625 Active US10386803B2 (en) 2017-07-24 2018-03-01 Account number substitution for dial capture and IP based communicators

Country Status (1)

Country Link
US (3) US10747185B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112037486A (en) * 2020-09-10 2020-12-04 深圳市泛海检测认证有限公司 Control method, terminal and device of fire alarm system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11388192B2 (en) 2018-07-09 2022-07-12 Blackberry Limited Managing third party URL distribution
EP3813032A1 (en) * 2019-10-25 2021-04-28 Carrier Corporation Adaptive fire detection

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030061487A1 (en) * 2001-09-25 2003-03-27 Angelo Michael F. Authentication and verification for use of software
US20030192033A1 (en) * 2002-04-04 2003-10-09 Gartside Paul Nicholas Validating computer program installation
US6950863B1 (en) * 2000-12-21 2005-09-27 Cisco Technology, Inc. Method and system for verifying a software upgrade for a communication device
US6986132B1 (en) * 2000-04-28 2006-01-10 Sun Microsytems, Inc. Remote incremental program binary compatibility verification using API definitions
US20060277414A1 (en) * 2004-04-30 2006-12-07 Fujitsu Limited Data managing device equipped with various authentication functions
US7956740B2 (en) * 2008-08-18 2011-06-07 Tyco Safety Products Canada Ltd. Alarm system configuration validation
US20140196134A1 (en) * 2013-01-08 2014-07-10 Panasonic Corporation Verification method for verifying validity of program, and verification system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080220880A1 (en) * 2005-09-07 2008-09-11 Bally Gaming, Inc. Trusted Cabinet Identification System
US20070290830A1 (en) * 2006-06-15 2007-12-20 Phase Iv Partners, Inc. Remotely monitored security system
US8781633B2 (en) * 2009-04-15 2014-07-15 Roberto Fata Monitoring and control systems and methods
US8385511B2 (en) * 2010-11-15 2013-02-26 Telular Corporation Dial capture alarm interface with integrated voice
US8798260B2 (en) * 2011-04-04 2014-08-05 Numerex Corp. Delivery of alarm system event data and audio
US20130076510A1 (en) * 2011-09-26 2013-03-28 Telular Corporation Broadband Alarm Reporting Using a Local Wireless Network
US9893935B2 (en) * 2012-02-13 2018-02-13 Cinch Systems, Inc. Dynamic information exchange for remote security system
US8972730B2 (en) * 2013-03-08 2015-03-03 Honeywell International Inc. System and method of using a signed GUID
CN110648510A (en) * 2013-10-14 2020-01-03 康郭德亚洲私人有限公司 Mobile control unit, facility management system, mobile unit control system, facility management method, and mobile unit control method
US10616181B2 (en) * 2017-06-08 2020-04-07 Johnson Controls Fire Protection LP Security panel gateway system and method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6986132B1 (en) * 2000-04-28 2006-01-10 Sun Microsytems, Inc. Remote incremental program binary compatibility verification using API definitions
US6950863B1 (en) * 2000-12-21 2005-09-27 Cisco Technology, Inc. Method and system for verifying a software upgrade for a communication device
US20030061487A1 (en) * 2001-09-25 2003-03-27 Angelo Michael F. Authentication and verification for use of software
US20030192033A1 (en) * 2002-04-04 2003-10-09 Gartside Paul Nicholas Validating computer program installation
US20060277414A1 (en) * 2004-04-30 2006-12-07 Fujitsu Limited Data managing device equipped with various authentication functions
US7956740B2 (en) * 2008-08-18 2011-06-07 Tyco Safety Products Canada Ltd. Alarm system configuration validation
US20140196134A1 (en) * 2013-01-08 2014-07-10 Panasonic Corporation Verification method for verifying validity of program, and verification system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112037486A (en) * 2020-09-10 2020-12-04 深圳市泛海检测认证有限公司 Control method, terminal and device of fire alarm system

Also Published As

Publication number Publication date
US20190027019A1 (en) 2019-01-24
US10747185B2 (en) 2020-08-18
US20190028270A1 (en) 2019-01-24
US10795328B2 (en) 2020-10-06
US10386803B2 (en) 2019-08-20

Similar Documents

Publication Publication Date Title
US10042630B1 (en) Software updates from a security control unit
US8179256B2 (en) Server based distributed security system
US10255773B2 (en) Security system providing a localized humanly-perceivable alert for identifying a facility to emergency personnel
US10073929B2 (en) Security system using visual floor plan
EP2128834A1 (en) Inexpensive mass market alarm system with alarm monitoring and reporting
US10795328B2 (en) Method of confirming remote programming of device by monitoring station
US9147088B2 (en) Method for monitoring a tamper protection and monitoring system for a field device having tamper protection
US10616181B2 (en) Security panel gateway system and method
US20150188725A1 (en) Security and automation system
KR101814544B1 (en) Methods and systems for remote management of security systems
US10504042B2 (en) Methods for prompting a user to use enhanced automation system features, and systems and devices related thereto
EP1952614B1 (en) Method and system for remotely updating security systems
US20200064796A1 (en) Building Management System with Blockchain Ledger
CA2941458A1 (en) Fast replacement z-wave device in home automation
JP2013090167A (en) Building facility apparatus management system coupling system, building facility apparatus management system coupling method and building facility apparatus management system coupling program
US10018981B2 (en) Monitoring removal of an automation control panel
US9686161B2 (en) Consensus loss in distributed control systems
US9183735B1 (en) Methods and systems for remote management of security systems
KR102019282B1 (en) Security system and method
KR102009108B1 (en) Control server and control server control method
JP2003271238A (en) Remote maintenance method and system thereof
CN113366857B (en) Equipment control device, equipment control method, and computer program
WO2021124993A1 (en) Control system and control method
JP4757546B2 (en) Monitoring and reporting system
US20210158684A1 (en) Systems and methods for activating monitoring of a security system by a central monitoring station

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: TYCO SAFETY PRODUCTS CANADA LTD., CANADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FOISY, STEPHANE;SMITH, DEREK;SALSMAN, DWAYNE RICHARD;AND OTHERS;REEL/FRAME:045017/0811

Effective date: 20180215

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: JOHNSON CONTROLS TYCO IP HOLDINGS LLP, WISCONSIN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TYCO SAFETY PRODUCTS CANADA LTD;REEL/FRAME:058562/0714

Effective date: 20210617

AS Assignment

Owner name: JOHNSON CONTROLS TYCO IP HOLDINGS LLP, WISCONSIN

Free format text: NUNC PRO TUNC ASSIGNMENT;ASSIGNOR:TYCO SAFETY PRODUCTS CANADA LTD.;REEL/FRAME:058957/0105

Effective date: 20210806

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4